I note that they're not applying DPI to encrypted traffic per the spec, but they do note that unencrypted portions of encrypted packets will still be inspected.
The example they give is that if a PDU is encrypted, but all of the other sections of the packet are not, then only the PDU won't be inspected.
The example they give is that if a PDU is encrypted, but all of the other sections of the packet are not, then only the PDU won't be inspected.
Still, DPI is scary as all hell.